AI Agents Now Handle Sensitive Security Tasks for Most Firms
▼ Summary
– 93% of global organizations use or plan to use AI agents for security tasks like password resets and VPN access, despite risks of breaches and data leaks.
– 92% of respondents admit AI is installed on local machines with access to SSH and encryption keys, increasing security exposure.
– 74% of organizations agree that AI will increase attacks on identity infrastructure.
– Only 32% of respondents are “very confident” they could recover from an AI-driven credential exposure.
– 65% of organizations fully register, authenticate, and authorize AI identities, while 6% do not track them at all.
A staggering 93% of global organizations are either already using or planning to deploy AI agents for security tasks like password resets and VPN access, according to a new study from identity security firm Semperis. This rush to automation comes despite the clear risks of serious breaches and data leaks.
The vendor surveyed 1,100 organizations across the US, UK, France, Germany, Spain, Italy, Singapore, and Australia for its State of Identity Security in the AI Era report. Beyond using agents for sensitive security work within the next 12 months, 92% of respondents admitted that AI is installed on at least some local machines with access to SSH and encryption keys, further amplifying their exposure. Meanwhile, 74% agreed that AI will increase attacks on identity infrastructure.
Despite these self-inflicted vulnerabilities, only 32% of respondents said they were “very confident” they could regain control after an AI-driven credential exposure.
“What is striking about the study is not just how quickly AI is being integrated into identity systems but how unprepared many organizations are to recover when things go wrong,” said Grace Cassy, a partner at cybersecurity venture capital firm Ten Eleven Ventures. “Introducing AI at the identity layer offers operational advantages, but it must be accompanied by guardrails, observability and recovery readiness. It is a new dimension of an old question, really: are you resilient enough to respond in the event of critical disruption?”
Too Many Agents, Too Many Permissions
An explosion in non-human identities (NHIs) including AI agents is complicating identity governance for security teams. The proliferation of these agents creates a glut of abandoned “zombie” agents and shadow NHIs that threat actors can hijack. The problem is compounded by the fact that many are over-permissioned, granted the same rights as human users, the report explains.
The study reveals that only 65% of organizations fully register, authenticate, and authorize their AI identities in a formal system, while 6% don’t track them at all. Of those that do, over half (57%) use the same system as for human identities.
What Best Practice Looks Like for AI Identity
The positive takeaway is that AI identity governance is a priority for 83% of global organizations in the next 12 months, according to the study. However, it remains unclear what specific measures they will take to control, monitor, and secure usage. For now, Semperis recommends that organizations take proactive steps to manage and secure their AI identities before a crisis hits.
(Source: Infosecurity Magazine)
